<?php
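// Open (or resume) the session; the login logic further down stores its state in $_SESSION.
session_start();

// Connection settings for the legacy ext/mysql API used throughout this script.
// DB_NAME, DB_USER and DB_PW are blank on this page. Real values belong in
// configuration that is neither committed to version control nor web-readable.
define('DB_HOST',   'yallara.cs.rmit.edu.au:53936');
define('DB_NAME',   '');

define('DB_USER',   '');
define('DB_PW',     '');

// Connect first, then test the handle, rather than assigning inside the condition.
$dbconn = mysql_connect(DB_HOST, DB_USER, DB_PW);
if (!$dbconn) {
  // The host name and driver error go to the server log only. Echoing them
  // would hand an unauthenticated visitor details about the backend.
  error_log('Could not connect to mysql on ' . DB_HOST . ': ' . mysql_error());
  echo "Service temporarily unavailable\n";
  exit;
}


if (!mysql_select_db(DB_NAME, $dbconn)) {
  // Same rule as above: log the database name and mysql_error(), show a generic message.
  error_log('Could not use database ' . DB_NAME . ': ' . mysql_error($dbconn));
  echo "Service temporarily unavailable\n";
  exit;
}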


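// Start from a logged-out state so a failed attempt never inherits an earlier
// login stored in this session.
$_SESSION['SESS_USER_ID'] = 0;
$_SESSION['SESS_LOGGED_IN'] = false;

// Accept only plain string fields. PHP turns a body such as "email[]=x" into an
// array, and a missing field raises a notice; both are treated as empty here.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$user = false;

if ($email !== '' && $password !== '') {
	// SECURITY: unsalted MD5 is not a password hash; it is kept only because the
	// query below compares against digests already stored in that format.
	// Moving to password_hash()/password_verify() needs a stored-hash migration.
	$passwordHash = md5($password);

	// $email is attacker-controlled and was previously interpolated raw into the
	// SQL text. Escape it for this connection before building the statement.
	// md5() yields only hex digits, so $passwordHash needs no escaping.
	// NOTE(review): ext/mysql has no prepared statements and was removed in
	// PHP 7.0; the durable fix is mysqli or PDO with bound parameters. The
	// escaping relies on the connection charset being set via mysql_set_charset()
	// rather than a "SET NAMES" query, if it is changed at all.
	$safeEmail = mysql_real_escape_string($email, $dbconn);
	$query = "SELECT user_id, is_banned, is_admin FROM user WHERE email='$safeEmail' AND password='$passwordHash'";
	$result = mysql_query($query, $dbconn);

	if ($result === false) {
		// mysql_query() returns false on error; passing that to mysql_num_rows()
		// only raises a warning. Log the cause and fall through to the failure page.
		error_log('Login query failed: ' . mysql_error($dbconn));
	} elseif (mysql_num_rows($result) > 0) {
		$user = mysql_fetch_array($result);
	}
}

if ($user) //Login Successful
{
	// Issue a new session ID and delete the old session data (the true argument),
	// so an ID planted before login cannot be reused afterwards.
	session_regenerate_id(true);

	// NOTE(review): is_banned is only recorded here, so a banned account still
	// ends up with SESS_LOGGED_IN = true. Confirm that later pages check
	// SESS_BANNED_ID, or reject the login at this point.
	$_SESSION['SESS_USER_ID'] = $user['user_id'];
	$_SESSION['SESS_BANNED_ID'] = $user['is_banned'];
	$_SESSION['SESS_ADMIN_ID'] = $user['is_admin'];
	$_SESSION['SESS_LOGGED_IN'] = true;

	session_write_close();	// flush the session data and release the session before responding
	echo '<html><head><meta http-equiv="refresh" content="3, index.php" /> <link href="template.css" type="text/css" rel="stylesheet" /><title>Logged in</title></head><body>Login succesful...redirecting in 3 seconds</body></html> ';
	exit();
}
else
{
	// One generic failure page for every rejection (unknown email, wrong password,
	// malformed input, query error), so the response does not reveal which it was.
	// The title previously read "Logged in" on this page.
	echo '<html><head><meta http-equiv="refresh" content="3, index.php" /> <link href="template.css" type="text/css" rel="stylesheet" /><title>Login failed</title></head><body>Login failed...redirecting in 3 seconds</body></html> ';
}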
?>